- Cyber Insurance
The Knowledge
,
1st October 2020When it comes to operating in the cyber insurance market, being busy is always a good thing. For Davis Kessler, the head of cyber at Travelers Europe and his team, the last few weeks have been something of a whirlwind as they are seeing first-hand a definite uptick in interest in this area. Having come to the UK from the US, Kessler noted, it has been interesting to see that much of what is happening in the UK SME market is similar to what happened in the US market about five or six years go.
“The US market had a bit of a head start following on state privacy breach legislation going into effect as far back as 2003,” he said, “And just as we still have low cyber insurance take up rates among UK SME’s, it was a similar situation in the US not too long ago. Though US market did have a head start, I predict the UK market will catch up at a quicker pace than it developed in the US, due to increased cybercrime activity, greater press coverage of that activity, and the rapid change in working environments, to name a few.”
There is, however, he said, still plenty of room for growth with the 2020 Cyber Breach Survey by DCMS recording that only 14% and 20% of small or mid-sized firms have dedicated cyber insurance, and only three in 10 have any type of cyber insurance at all. The role of brokers in guiding the evolution and uptick of cyber insurance solutions is something which Kessler has always championed, and he highlighted how the understanding of brokers have developed in recent years. The effort Travelers Europe is putting into reaching out to brokers and providing them with all necessary information is really starting to pay off.
“Over the last three years, I’ve seen the standard raised a good deal,” he said. “This has been a core focus for Travelers, and I like to think we may have helped a bit in this regard! But there’s a lot of information out there, both from insurers, the UK government, and other sources. Those brokers who have challenged themselves to become more knowledgeable in this area will have a better chance of being able to demonstrate how the policy can be beneficial to a first-time buyer.”
There’s still work to be done amongst insurers and brokers, he said, and this is made explicitly clear by the reality that amongst the seven out of 10 UK SMEs which have no form of cyber insurance a lack of awareness of cyber insurance was found to be one of the biggest reasons for businesses. In order to be able to increase the awareness of their clients of this critical area of coverage, there are five key things which Kessler wishes all brokers knew about these policies.
- “The days in which only companies storing a lot of personal information (finance, retail, health, education, etc.) are the only ones that need cyber insurance are long over,” he said. “Ransomware and associated business interruption losses, and business email compromise leading to funds transfer fraud are hitting companies in all industries and of all sizes.”
- A dedicated cyber policy offers more than just higher limits to bolt-on cyber covers to other package policies, Kessler stated. It will have broader coverage and come with benefits beyond indemnification, including breach response assistance and risk management tools.
- “Be wary of restrictive conditions and exclusions,” he said. “Some policies, particularly (but not always) when cyber is included within package policies, may contain conditions that the Insured maintain certain levels of protection, for example patch management, at all times for coverage to apply.”
- Brokers should be mindful of ‘Other Insurance’ conditions, Kessler said. Some policies will be specifically excess of any other insurance that may apply coverage. This could be particularly meaningful if a broad professional indemnity policy covers liability and arguably even some first-party breach response costs as well. These other policies may have larges excesses as well.
- “Minimum limits for dedicated cyber insurance – often £100,000 – offer a foot in the door, and bring with it the non-indemnity benefits of a cyber policy, including the risk management and breach response services, so it is certainly better than nothing,” he noted. “But with the rapidly increasing ransomware threat, the pricey costs of hiring expert breach response vendors, and the potential for business interruption, this limit may be quickly exhausted.”
